There are several methods to make your login script secure. The most crucial step for that is obviously to escape strings using real_escape_string() function that varies from the PHP version. This will get you rid of some common SQL injection attacks via form or address bar.
Another thing you must make secure is the user password. When talking about PHP and database, anything that comes in our mind is md5 hashing and password encryption. The most basic step we use is to encrypt the user password while registering in the internet.
This will generate the md5 hash of any value replaced by the variable password. However the MD5 hashing is most secure since 1991 there are still some tools that keeps record of hashes of most dictionary words. For example, MD5decrypter.com.
For example try decrypting 5f4dcc3b5aa765d61d8327deb882cf99 in MD5decrypter.com
This will clearly show you an decrypted form of the hash : password.
This means that some common dictionary words can be decrypted because most people use dictionary words or easy to remember words as their passwords. Only few of them considers creating confusing but memorable password.
But using some tweaks in MD5 hash, you can encrypt the has with your own little algorithm. For example, using salts.